Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 Humanity Protocol's Security Flaw Revealed in Test Network

According to Foresight News, SlowMist founder Yu Jian has disclosed a security issue within the Humanity Protocol project. The project reportedly stores plaintext private keys directly in the browser's sessionStorage when users log in using Web2 methods, such as email. Fortunately, this vulnerability is present only in the test network and has not caused any real harm yet.

#HumanityProtocol #SecurityFlaw #TestNetwork #SlowMist #YuJian #Web2 #Vulnerability #PrivacyKeys

🚀 Security Flaw Discovered In Uniswap iOS Wallet

According to PANews, the ScaleBit security team under BitsLab has identified a vulnerability in the Uniswap iOS wallet, termed 'Mnemonic Unauthorized Access.' This flaw, discovered in October 2024, allows attackers with physical access to a device to bypass the wallet's authentication mechanism and directly access the mnemonic stored on the device.

The root cause of this vulnerability lies in the flawed design of the mnemonic storage and access mechanism. The mnemonic is not effectively encrypted at the application layer, and the conditions for triggering the recovery page are unreasonable. This makes it easy for attackers with physical access to the device to bypass the wallet's authentication mechanism and obtain the mnemonic.

Currently, this vulnerability persists in the latest version of the Uniswap Wallet (Version 1.42), posing a potential risk to all users of the wallet. Users are advised to be particularly cautious about the physical security of their devices, avoid disclosing unlock passwords, and refrain from lending their devices to others.

#Uniswap #iOS #Wallet #SecurityFlaw #Vulnerability #MnemonicUnauthorizedAccess #Cybersecurity #PhysicalAccess #UserSafety

🚀 Security Flaw Detected in Morpho Lending Protocol

According to Foresight News, Chaofan Shou, co-founder of Web3 security analysis firm Fuzzland, has identified a vulnerability in the front-end of the Morpho lending protocol, specifically in Bundler3. Users are advised to be cautious of potential risks associated with this issue.

#SecurityFlaw #Morpho #LendingProtocol #Web3 #Fuzzland #Vulnerability #UsersAdvised #Caution

🚀 Security Flaw Detected in XRPL NPM Package

According to Foresight News, Aikido Security, a cryptocurrency security research organization, has identified a security vulnerability in the official XRPL NPM package: the package contains a backdoor capable of stealing users' private keys and transmitting them to attackers. The affected versions range from 4.2.1 to 4.2.4. Aikido Security advises users of earlier versions to refrain from upgrading to these compromised versions.

#XRPL #NPM #SecurityFlaw #AikidoSecurity #Cryptocurrency #PrivateKeys #Vulnerability #Backdoor

🚀 ALEX Protocol Faces Significant Loss Due to Security Flaw

According to Foresight News, ALEX Protocol has suffered a substantial financial loss exceeding $8 million due to a security vulnerability. The incident was attributed to a flaw in the self-listing logic of the protocol, which failed to incorporate compatibility checks for unsuccessful transactions. This oversight was exploited maliciously, resulting in the transfer of funds from the liquidity pool. The founder of SlowMist, Yu Jian, recalled a similar incident last year on May 25, when a private key leak led to losses in the millions.

#ALEXProtocol #securityflaw #financialloss #cryptocurrency #liquiditypool #ForesightNews #SlowMist #YuJian #vulnerability #maliciousactivity

🚀 Security Flaw Detected in Virgen Points System

According to Foresight News, a member of the Virtual team, identified as @miratisu_ps, has confirmed the presence of a vulnerability in the Virgen Points system. Approximately 6% of wallets have been affected by this issue. Details regarding the nature of the vulnerability and plans for its resolution have not yet been disclosed.

#SecurityFlaw #VirgenPoints #Vulnerability #VirtualTeam #ForesightNews #CryptoWallets

🚀 Security Flaw on Base Chain Leads to $90,000 Loss

According to PANews, a security issue identified by BlockSec Phalcon Alert has resulted in a loss of approximately $90,000 on the Base chain. The problem stems from insufficient access control, which allowed arbitrary low-level calls within a callback function. It is advised to immediately revoke all approvals for the unknown contract at address 0xD9f4a3238154ff6439e37F98c9B11489353715Bb to prevent further losses.

#SecurityFlaw #BaseChain #PANews #BlockSecPhalconAlert #UnknownContract #0xD9f4a3238154ff6439e37F98c9B11489353715Bb #90000Loss

🚀 Trust Wallet Security Flaw Leads to Significant Fund Theft

According to PANews, a security vulnerability in Trust Wallet's browser extension version 2.68 has resulted in the theft of funds from numerous user wallets over the past few hours. Trust Wallet and blockchain investigator ZachXBT reported the issue, advising affected users to disable version 2.68 and upgrade to version 2.69. The mobile and other versions remain unaffected. The Trust Wallet team is actively investigating the matter and contacting victims to address the situation. Preliminary estimates indicate that over $6 million has been stolen, with hundreds of victims and multiple compromised EVM, Bitcoin, and Solana addresses disclosed. Affected users are encouraged to reach out through official support channels for assistance.

#TrustWallet #SecurityFlaw #FundTheft #BlockchainSecurity #Cryptocurrency #WalletVulnerability #ZachXBT #EVM #Bitcoin #Solana #TrustWalletUpdate #CryptoTheft #MobileSecurity #CryptoSupport #BTC #SOL

🚀 Potential Security Flaw Detected in Fusion Project

According to ChainCatcher, SlowMist has reported on the X platform that MistEye has identified potential suspicious activity related to the Fusion project. The root cause is a vulnerability in the underlying contract to which an EOA controlled by the project team delegates through EIP-7702. This flaw permits arbitrary external calls, enabling attackers to create and configure malicious circuit breaker contracts for PlasmaVault and thereby extract funds from the contract.

#SecurityFlaw #FusionProject #ChainCatcher #SlowMist #MistEye #EOAAccount #EIP7702 #ExternalCalls #MaliciousContracts #PlasmaVault #Vulnerability

🚀 Security Flaw in MediaTek-Based Android Phones Poses Risk to Crypto Wallets

A vulnerability in the firmware of MediaTek-based Android phones has been identified by Ledger researchers, potentially allowing attackers to extract device PINs and crypto wallet private keys in less than a minute. According to NS3.AI, this issue could impact approximately 25% of Android phones utilizing MediaTek chips and Trustonic's trusted execution environment. The attack necessitates physical access to the device and a USB connection before the operating system is loaded, enabling offline decryption of storage.

#SecurityFlaw #MediaTek #AndroidPhones #CryptoWallets #Vulnerability #PINs #PrivateKeys #Ledger #NS3AI #Trustonic #TrustedExecutionEnvironment #OfflineDecryption